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representing a list of approved processes and that a host 
computer is programmed to decrypt the encrypted data in the 
registry file and then search that decrypted data for an entry 
matching an identifier that identifies a starting process to be 
executed. As will be shown in detail below, the last of the 
three basic criteria for establishing a prima facie case of 
obviousness, namely, that the combined prior art references 
must teach or suggest all the claim limitations, has not been 
met by the Final Rejection. Accordingly, the Applicant believes 
that the rejection based on Hiyama, McGee and Hile should be 
withdrawn. The specific limitations that are absent from the 
references were set forth in detail in Applicant's Response to 
Final Rejection filed on July 25, 2005. 

In the Advisory Action, the Examiner concedes that 
the embodiments of McGee ''are not exactly the same as the 
claimed invention". This means that one or more limitations in 
the claim cannot be found in McGee. While the Examiner asserts 
that the differences are obvious, the Advisory Action does not 
explain what the Examiner believes to be the differences. Nor 
does the Advisory Action explain why such differences would be 
obvious. They could only be obvious in view of some further 
prior art teaching. What that further teaching might be is 
unclear at this juncture. Clarification is requested on this 
point . 

More precisely, the Applicant respectfully requests 
clarification why it would have been obvious to provide a 
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''registry file contain [ing] encrypted data representing a list 
of all processes that are approved by the system manufacturer 
or service provider to run on the imaging system "' (emphases 
added), as recited in Applicant's claims 1 and 30, in view of 
McGee's teaching of digitally signing registration data using a 
"user's own private signing key", which clearly implies that 
the registration data is personal to that user. 

Furthermore, the digital signature of McGee is an 
encryption of a hash value derived from a list of hash values 
generated from the executable files. Conversely, the decryption 
of that digital signature will be the hash value derived from 
the list (i.e., multiplicity) of hash values and is not the 
hash value of any particular executable file. McGee teaches 
that the execution of files is monitored by comparing the hash 
values stored in the registry list to the hash value generated 
from the file to be executed. [McGee, col. 4, lines 25-27.] If 
there is a match, the application is granted execution 
privileges. [McGee, col, 5, lines 6-7.] 

More specifically, McGee uses hash values generated 
using ''one-way hash functions", as stated in column 7 at line 
28 and in column 8 at line 53. A hash function H ±s a 
transformation that takes a variable-size input m and returns a 
fixed-size string, which is called the hash value h (that is h 
= Him) . One basic requirement of a cryptographic hash function 
is that it be "one-way". A hash function is said to be "one- 
way" if it is hard to invert, meaning that given a hash value 
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h, it is computationally unfeasible to find some input x such 
that H(x) = h. In other words, the one-way hash values 
disclosed by McGee are not decrypted and could not be 
decrypted, which is largely due to the fact that the hash 
values are generated by transforming a large domain into a 
small range, resulting in lost data that cannot be recovered by 
inverting the hash function. 

In contrast. Applicant's claims 1 and 30 each recite 
that the host computer is programmed to search the decrypted 
data "for an entry matching the identifier received from said 
operating system identifying a starting process of said 
application program to be executed by said operating system". 
The hash values generated from executable files in accordance 
with the . McGee teaching correspond to Applicant's identifiers. 
These hash values exist in the registry of McGee in un- 
encrypted form, separate and apart from the digital signature, 
which is an encryption derived from those hash values. Since 
McGee' s identifiers are not encrypted, they do not need to be 
decrypted. Accordingly, the search of those hash values (i.e., 
identifiers) for a hash value identifying the file to be 
executed does not constitute a search of "decrypted data", as 
recited in Applicant's claims 1 and 30. 

Accordingly, the rejection of claims 1 and 30 based 

on Hiyama in view of McGee and Hile does not satisfy the 

requirement that the cited prior art disclose all of the 
limitations of the rejected claim. 
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The obviousness rejections set forth in SI^ 4 and 5 
of the action are both based on Hiyama, McGee and Hile as 
applied to claim 1 and/or 30 in combination with a fourth 
reference (Yamamoto and Kisor) . These rejections suffer from 
the same infirmities as those noted above vis-a-vis the 
Hiyama/McGee/Hile combination. Accordingly, it is believed 
that claims 2, 3, 5, 10 and 33 are patentable at least for the 
same reasons that claims 1 and 30, on which they depend, are 
patentable . 

In view of the foregoing, the Applicant submits that 
this application is now in condition for allowance. 
Reconsideration of the application and allowance of claims 1- 
5, 8-13, and 30-36 are hereby requested. 

Respectfully submitted, 
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